Posted by: David Harley | July 23, 2015

Yosemite 0-Day: vendor and researcher ethics

This article by Chris Williams for The Register, ‘Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet’, appeared yesterday, and does a reasonable job of describing what the problem is.

Today’s blog by Graham Cluley for Intego – Apple Criticised for Not Patching OS X Yosemite Zero-Day Vulnerability – is rather more analytical in terms of ethical considerations: not only the ethics of responsible disclosure, but also the assertion that Apple has fixed the bug in the beta of the forthcoming El Capitan, but hasn’t backported the fix to Yosemite.

David Harley

Posted by: David Harley | July 23, 2015

AV-Comparatives Mac Product test

AV-Comparatives has released its 2015 OS X review/test report, comparing 10 products. Its remit is far wider than the malware protection test (consisting of 105 samples that OS X Yosemite doesn’t or didn’t block), including:

  • Operating systems supported
  • Additional features, such as a firewall or anti-phishing capability
  • Installation/deinstallation options and issues
  • Interface aspects and issues
  • Operating system integration
  • Whether a user with a standard user account can disable the protection
  • Scanning options
  • The quality of the help facilities

Unusually, it also notes the type of alert shown when the EICAR test file and various features on the AMTSO Security Features pages are accessed.

On a quick scan, it looks like AV-Comparatives has done its usual thorough job.

David Harley

Posted by: David Harley | July 17, 2015

Malwarebytes for Mac

I note with some interest the launch of Malwarebytes Anti-Malware for Mac, as announced in an article by John Leyden for The Register. Interesting, too, to read that the company has brought on board Thomas Reed and his AdwareMedic program. I know one or two of the guys over at Malwarebytes, and they’re knowledgeable people with a useful product.

However, I have to take issue with the following:

According to a June 2015 OPSWAT report, only half of Mac users have antivirus protection, and that protection does not typically detect adware. In the last two years, there has been a proliferation of new adware – including Genieo, Conduit, and VSearch…

I’m not sure where that assertion that Mac AV doesn’t typically detect adware comes from (an OPSWAT test, maybe?), but it’s misleading at best. All three of the examples of adware cited here are known to at least one AV company, or are listed as such on its website. ;) It may be that Malwarebytes has better detection of Mac adware than some or all AV products – I’m not in a position to test, but that’s one of the strengths of the Windows product – but that’s rather different.

David Harley

Posted by: David Harley | July 17, 2015

A bit more on iOS support scams

Since my last couple of articles here have been about support scams using Safari (especially) to deliver fake alerts on OS X and iOS devices, I should also mention an article by Sean of F-Secure that points out that disabling pop-ups using Safari’s pop-up blocking [Settings -> Safari -> Block Pop-ups] and/or fraudulent website warning won’t fix the problem, or at any rate doesn’t work against the example described in the article. The article says that this is because in F-Secure’s examples, the pop-up is not actually a pop-up but a JavaScript-generated dialog.

Actually, JavaScript can be used to generate pop-ups, but I guess that isn’t the same thing. Anyway, the essential point is that Block Pop-ups doesn’t work here, apparently. (Sorry, I’m not in a position to check, but F-Secure doesn’t usually get this sort of thing wrong.) The Apple article cited by The Telegraph as well as F-Secure does include a note on disabling JavaScript via Settings > Safari > Advanced but as Sean rightly points out, while this is a quick way of regaining control of a pop-up-pestered iGadget, leaving it disabled will probably impact your browsing experience on some legitimate sites.

Did I mention that I maintain a collection of links to tech support scam information on the AVIEN blog? These articles are being added to that page as I go along.

David Harley

Posted by: David Harley | July 16, 2015

iOS Support Scams

A new blog by Graham Cluley for Intego actually has some points in common with my most recent blog here (which also involved pop-ups misused by support scammers, particularly in the context of Safari). However, Graham’s article is about iOS, whereas mine related to questions asked regarding OS X and Safari (citing advice from Thomas Reed that also addressed other browsers).

The Intego blog takes as a starting point an article in the Telegraph that explains how:

Users are reporting fake crash reports demanding payment in order to fix their Apple devices

These variations of the scam continue the trend away from direct cold-calling and towards tricking the victim into initiating the phone conversation with ‘iOS crash reports’ requiring the victim to call ‘Apple technical support’ at a number given in the pop-up message.

The Telegraph article focuses on reports from the UK, but Graham has found reports from North America going back to last September if not earlier.

According to a variety of resources, this will get rid of a persistent pop-up of this type:

  • Put the device into Airplane mode.
  • Go to Settings > Safari > Clear History and Website Data.
  • Reopen Safari. Turn off Airplane mode.

Graham also offers a quick guide to blocking pop-ups proactively. Apple suggests a number of proactive measures worth considering. But the first thing to remember is not to ring that number.

I maintain a collection of links to tech support scam information on the AVIEN blog.

David Harley

Posted by: David Harley | July 14, 2015

Support scams

…not a topic we discuss much here, as support scammers tend to focus on Windows users, though I have addressed it occasionally:

However, I found a comment on this site today from someone about pop-ups they were seeing on Safari “saying that my computer has a virus and i need to call a certain number to get it removed”. (I’ve already responded to the comment, by the way.)

I can’t offer one-to-one tech support, I’m afraid – my days in Mac and PC support are long behind me – and I’m not generally in favour of trying to offer a one-size-fits-all solution for the benefit of anyone checking this site. There are too many sites offering various kinds of advice to users that in some circumstances might actually make things worse, and since I don’t want to fall into that trap, I try to avoid offering generalist advice that I’m not in a position to test exhaustively.

That said, Thomas Reed’s The Safe Mac site features generally sound commentary and advice, and has an article here that specifically addresses pop-up scam ‘virus alerts’ targeting Mac users; if you’re seeing something like this, his advice on how to get rid of a scam message may work for you. I’ve had a few conversations with Thomas regarding malware in the past couple of years, and he seems pretty well-informed. There are also lots of comments worth reading from other victims, and Thomas is pretty good at responding to them.

While it doesn’t specifically talk about support scams, Apple has a page here that might be helpful in terms of dealing with other ad-injection software issues.

I maintain a collection of links to tech support scam information on the AVIEN blog.

David Harley

Posted by: David Harley | July 1, 2015

A word of caution

I’ve been asked (again) about MacKeeper. The name has come up several times in comments directed towards Mac security sites like this one, Mac-related user forums and on various specialized lists, in the context of dubious malware alert pop-ups and aggressive marketing. I’ve never used or tested the product myself (and don’t intend to – as long as I’m getting a sizeable proportion of my income from a security product, I prefer not to return to formally testing other security products), I haven’t seen any of the behaviour of which the product is accused at first hand, and I obviously can’t in normal circumstances confirm the veracity or otherwise of accusations made in blog comments. However, a recent Graham Cluley article about a specific zero-day issue (reportedly now fixed) with MacKeeper actually points to a number of less-than-flattering articles about the product.

Worth taking a look first if you’re thinking about buying it. In particular, you might want to read the Cult of Mac article from 2012: it includes a statement from MacKeeper’s PR Director, offering some explanations for its bad reputation.

Posted by: David Harley | June 26, 2015

Contact Form

Though quite a few people seem to read this blog, not many actually comment (which is fine). Of those who do, quite a few are asking questions about malware or security rather than commenting on the site or specific articles, so I’ve added a contact page here, as not everyone wants to share their own security concerns with the whole online world.

While I’ll respond – if appropriate – to emails sent that way as soon as possible, I can’t guarantee a quick response. If you have a query about malware affecting your Mac or other device, I’d recommend that you contact the help team for your chosen security software. In many other cases, you may find that contacting one of the many forums where users of the same device share issues and information gets you a faster response.

I’m afraid I don’t have the time and resources to offer one-to-one support. I may, when time allows, put up some links to possibly-useful pages.

David Harley
Small Blue-Green World

Posted by: David Harley | June 19, 2015

0-day flaw in iOS and OS X

This is interesting, in a depressing sort of way: it’s a report on Unauthorized Cross-App Resource Access on Mac OS X and iOS documenting a combination of issues that affect both OS X and iOS. The researchers behind the report are from the universities of Indiana, Tsinghua, and Peking, and the Georgia Institute of Technology. They state that:

We reported this vulnerability to Apple on Oct. 15, 2014, and communicated with them again in November, 2014 and early 2015.

However, they say that the issues have not so far been resolved. The report is quite long and detailed, but if you want a briefer summary, there have been plenty of summarizing articles:

David Harley
Small Blue-Green World

Posted by: David Harley | May 22, 2015

Apple Store app 2FA

Slash Gear reports that the ‘Apple Store app gets 2-step verification, Touch ID security’. J.C. Torres writes that the updated iOS app:

…will also now require additional authentication when viewing order history or making reservations at retail stores. This time, however, it will be the more convenient Touch ID that will be required instead of a separate passcode.

David Harley
Small Blue-Green World
